Introducing The Risk Grid

Shane Martin Coughlan, Andrew Katz

Abstract

A Special Interest Group of the European Legal Network discussed issues around the commercial procurement of Free/Open Source Software, and methods to reduce or contain risk in transactions related to the supply chain. The initial focus of this group was on creating generic contractual language for use by Customers when establishing a relationship with a Supplier. However, it quickly became apparent that a true solution required far more than generic contractual language. There needed to be a guidance document to contextualise the scope of potential issues and to describe the potential remedies available to both Customer and Supplier, regardless of their relative experience in Free/Open Source Software. To do this, the members of the Special Interest Group created the Risk Grid, a table designed to describe the different ways in which publicly available code could be infringed, with rows to separate out each instance, and with example wording to help in drafting procurement contracts for software projects which make use of Free/Open Source Software components.

Important note: See the "Supplementary files" link on the right to download the Risk Grid itself. It is available in ODT and PDF formats.